From 9ab88861c840ca5c3c4be7bf9065ac28273060df Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 15 Sep 2020 20:01:45 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/11xxx/CVE-2020-11977.json | 50 ++++++++++++++++++++++--
 2020/14xxx/CVE-2020-14304.json | 71 ++++++++++++++++++++++++++++++++--
 2020/14xxx/CVE-2020-14314.json | 70 +++++++++++++++++++++++++++++++--
 2020/9xxx/CVE-2020-9416.json | 5 +++
 4 files changed, 187 insertions(+), 9 deletions(-)
diff --git a/2020/11xxx/CVE-2020-11977.json b/2020/11xxx/CVE-2020-11977.json
index caf1500f2ca..c2f13a180fd 100644
--- a/2020/11xxx/CVE-2020-11977.json
+++ b/2020/11xxx/CVE-2020-11977.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-11977",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Syncope",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Apache Syncope 2.1.X releases prior to 2.1.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Apache Syncope: Remote Code Execution via Flowable workflow definition"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://syncope.apache.org/security#CVE-2020-11977:_Remote_Code_Execution_via_Flowable_workflow_definition",
+ "url": "https://syncope.apache.org/security#CVE-2020-11977:_Remote_Code_Execution_via_Flowable_workflow_definition"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution."
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14304.json b/2020/14xxx/CVE-2020-14304.json
index 5713c8951e7..a7f9e66e45c 100644
--- a/2020/14xxx/CVE-2020-14304.json
+++ b/2020/14xxx/CVE-2020-14304.json
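Review bot: In the CVE-2020-11977 hunk, `"vendor_name": "n/a"` leaves the record without a vendor even though the product is Apache Syncope and the assigner is security@apache.org, so tooling that matches on vendor and product will not associate it with Apache. The `version_value` string repeats the product name and states the range in prose (`"Apache Syncope 2.1.X releases prior to 2.1.7"`), which a version comparator cannot evaluate; I would name the vendor and express the upper bound as `"version_affected": "<", "version_value": "2.1.7"`, keeping the 2.1 branch as the stated scope. The `problemtype` value is the advisory title rather than a CWE identifier, unlike the two kernel records in this patch. The description's preconditions (Flowable extension enabled, administrator with workflow entitlements) should be carried into any downstream summary, since they decide which deployments need to prioritise the upgrade.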
@@ -4,15 +4,80 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-14304",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Linux Kernel",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "kernel",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "5.6.7-1"
+ },
+ {
+ "version_value": "4.19.118-2"
+ },
+ {
+ "version_value": "4.9.210-1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-460"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14304",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14304",
+ "refsource": "CONFIRM"
+ },
+ {
+ "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960702",
+ "refsource": "MISC",
+ "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960702"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality."
 }
 ]
+ },
+ "impact": {
+ "cvss": [
+ [
+ {
+ "vectorString": "4.4/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ ]
+ ]
 }
 }
\ No newline at end of file
diff --git a/2020/14xxx/CVE-2020-14314.json b/2020/14xxx/CVE-2020-14314.json
index df7f3e19919..08e17601469 100644
--- a/2020/14xxx/CVE-2020-14314.json
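Review bot: The added `impact.cvss` entry for CVE-2020-14304 will not parse as a CVSS vector: `vectorString` has the base score prefixed to it (`4.4/CVSS:3.1/...`), `version` is `"3.0"` while the vector itself says 3.1, and the object is wrapped in two arrays. Consumers that validate the vector are likely to drop the severity, so I would write `"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"`, `"baseScore": 4.4` and `"version": "3.1"` without the extra nesting. The CVE-2020-14314 hunk later in this patch has the same three problems with its 5.5 vector. Separately, `CWE-460` (improper cleanup on thrown exception) does not obviously fit the uninitialized-memory read in the description, and the three `version_value` strings look like distribution package versions rather than upstream kernel releases, so both are worth confirming with the assigner.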
+++ b/2020/14xxx/CVE-2020-14314.json 
@@ -4,15 +4,79 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-14314",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Linux Kernel",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "kernel",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 5.9-rc2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5872331b3d91820e14716632ebb56b1399b34fe1",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5872331b3d91820e14716632ebb56b1399b34fe1"
+ },
+ {
+ "url": "https://lore.kernel.org/linux-ext4/f53e246b-647c-64bb-16ec-135383c70ad7@redhat.com/T/#u",
+ "refsource": "MISC",
+ "name": "https://lore.kernel.org/linux-ext4/f53e246b-647c-64bb-16ec-135383c70ad7@redhat.com/T/#u"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14314",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14314",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability."
 }
 ]
+ },
+ "impact": {
+ "cvss": [
+ [
+ {
+ "vectorString": "5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.0"
+ }
+ ]
+ ]
 }
 }
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9416.json b/2020/9xxx/CVE-2020-9416.json
index 214f553c483..db2efa1a705 100644
--- a/2020/9xxx/CVE-2020-9416.json
+++ b/2020/9xxx/CVE-2020-9416.json
@@ -172,6 +172,11 @@
 "name": "http://www.tibco.com/services/support/advisories",
 "refsource": "CONFIRM",
 "url": "http://www.tibco.com/services/support/advisories"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.tibco.com/support/advisories/2020/09/tibco-security-advisory-september-15-2020-tibco-spotfire",
+ "url": "https://www.tibco.com/support/advisories/2020/09/tibco-security-advisory-september-15-2020-tibco-spotfire"
 }
 ]
 },
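Review bot: For CVE-2020-14314, `"version_value": "before 5.9-rc2"` gives only a mainline release candidate as the bound and writes it as prose, so a scanner has nothing it can compare and nothing that covers stable or distribution kernels, which may carry the referenced ext4 fix under lower version numbers (the record does not say). I would express the bound as `"version_affected": "<", "version_value": "5.9-rc2"` and treat package-level status from the distribution's own advisory as authoritative when triaging hosts. This note concerns the hunk that ends at `\ No newline at end of file`; the CVE-2020-9416 hunk after it only adds a reference.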